Abstract

In this paper, we prove tight lower bounds on the smallest degree
of a nonzero polynomial in the ideal generated by $\mathrm{MOD}_q$ or $\neg\mathrm{MOD}_q$
in the polynomial ring $F_p[x_1, \ldots, x_n]/(x_1^2 = x_1, \ldots, x_n^2 = x_n)$, where $p, q$ are
coprime, which is called immunity over $F_p$. The immunity of $\mathrm{MOD}_q$ is
lower bounded by $\lfloor (n+1)/2 \rfloor$, which is achievable when $n$ is a multiple
of $2q$; the immunity of $\neg\mathrm{MOD}_q$ is exactly $\lfloor (n+q-1)/q \rfloor$ for every $q$ and
$n$. Our result improves the previous bound $\lfloor \frac{n}{2(q-1)} \rfloor$ by Green.
We observe how immunity over $F_p$ is related to $AC^0[p]$ circuit lower
bound. For example, if the immunity of $f$ over $F_p$ is lower bounded
by $n/2 - o(\sqrt{n})$, and $|1_f| = \Omega(2^n)$, then $f$ requires an $AC^0[p]$ circuit of
exponential size to compute.



1 Introduction 



A fundamental task in computer science is to take simple functions like OR,
MAJ, $\mathrm{MOD}_q$, etc. and determine how difficult it is to represent them as
polynomials over a field $F_p$. Usually for such questions, it is easy to determine
the degree required to exactly represent such a function, but when we ask a
variant such as how hard it is to compute an approximation in low degree it
can become quite difficult to get tight results. We were led to the following
question by way of proof complexity and circuit complexity (for example, [1]
proved a general hardness criterion for Polynomial Calculus based on immunity).

Question 1. What is the smallest degree of a nonzero polynomial in the ideal
generated by $\mathrm{MOD}_q$ or $\neg\mathrm{MOD}_q$ in the polynomial ring
$F_p[x_1, \ldots, x_n]/(x_1^2 = x_1, \ldots, x_n^2 = x_n)$?

There are several definitions of the same concept. In [1], this value is called
the immunity of the $\mathrm{MOD}_q$ function, where the immunity of a Boolean function
$f : \{0,1\}^n \to \{0,1\}$ over some field $F$ is the minimal degree of some nonzero
function in the ideal $(f)$, where $f$ here is viewed as a polynomial in the ring
$F[x_1, \ldots, x_n]/(x_1^2 = x_1, \ldots, x_n^2 = x_n)$. It is also known in the literature as the
weak $p$-degree [5] of the Boolean function $f$, and can alternately be defined as the
smallest degree of a nontrivial polynomial $g \in \mathbb{Z}[x_1, \ldots, x_n]$ such that

$$\forall x \in \{0,1\}^n, \quad f(x) = 0 \Rightarrow g(x) \equiv 0 \pmod p.$$

Immunity can also be thought of as measuring how expensive it is to compute
a function with unbounded one-sided error on 1 by a polynomial.

In the cryptography community, the algebraic immunity of a Boolean function $f$ is
defined to be the smaller one between the immunity of $f$ and the immunity of $1 - f$
over $F_2$. In this paper, we will call it "two-sided immunity" to differentiate it from
the (one-sided) immunity. In cryptography, two-sided immunity is a criterion
of the security of Boolean functions used in stream cipher systems [3].

For the purpose of our current research, we hoped for a tight lower bound on the
immunity of the functions $\mathrm{MOD}_q$ and $\neg\mathrm{MOD}_q$. However, with not much trouble
we were able to show an improved lower bound $n/2$ for the $\mathrm{MOD}_q$ function, which
relies only on the kind of analysis that appears in Razborov-Smolensky. The
lower bound $n/2$ for $\mathrm{MOD}_q$ turns out to be tight when $n$ is a multiple of $2q$. For
$\neg\mathrm{MOD}_q$, we prove an exact result for immunity over $F_p$, which is $\lfloor (n+q-1)/q \rfloor$
(independent of $p$), based on a symmetrization technique, which was used by Feng
and Liu [H] in the case of Boolean functions.

Our result improves Green's lower bound $\lfloor \frac{n}{2(q-1)} \rfloor$ [5], which uses a complex
Fourier technique. Green's lower bound improves the results of Barrington,
Beigel and Rudich [2] and Tsai [12], which proved that an $\Omega(n)$ lower bound holds for
slow growing $p$.

The paper is organized as follows. In Section 2, we show that weak mod-$m$
degree can be reduced to the case of weak mod-$p$ degree, where $p$ is a prime
factor of $m$, and thus we only need to consider weak mod-$p$ degree, that is, the
immunity over $F_p$. In Section 3, we prove the $n/2$ lower bound for $\mathrm{MOD}_q$. In
Section 4, we present the symmetrization technique in an ideal generated by a
symmetric function. In Section 5, we prove an exact result on the immunity of
$\neg\mathrm{MOD}_q$ based on the symmetrization technique. Moreover, we give two proofs,
and in the second proof, we prove a more general lemma about the rank of a
submatrix of the tensor product of matrices satisfying certain conditions, which
might be interesting on its own. In Section 6, we prove a lower bound on the
degree of symmetric functions in the ideal generated by $\mathrm{MOD}_q$, which is close
to optimal when $n + 1$ is a power of $p$ (or slightly larger than a power of $p$), by a
restriction technique. In Section 7, we show the connection between immunity
over $F_p$ and $AC^0[p]$ circuit lower bounds.

2 Composite Modulus 

For the proof complexity and circuit complexity application we had in mind, 
we only actually care about prime characteristic. However, it is natural to try 
to generalize the improvement to composite characteristic as well. In fact, we 
can use a trick similar to what Green did, and reduce the composite case to the 
prime case. For extra clarity, we adopt the language which appears in his paper 

Lemma 2.1. The weak mod-$m$ degree of any Boolean function $f$ equals the
minimum of the weak mod-$p$ degree of $f$, where $p$ ranges over all prime factors of $m$.

Proof. One direction is easy, that is, the weak mod-$m$ degree is not greater than
the minimum of the weak mod-$p$ degree. Suppose the minimum weak mod-$p$
degree of $f$, where $p$ ranges over all prime factors of $m$, is $d$. That is, there exists a
nonzero (multilinear) polynomial $g \in \mathbb{Z}[x_1, \ldots, x_n]$ of degree $d$ such that

$$f(x) = 0 \Rightarrow g(x) \equiv 0 \pmod p, \quad \forall x.$$

Then, we claim that $(m/p)\,g(x)$ weakly represents $f$ mod $m$. Because for all $x$
with $f(x) = 0$, $g(x) \equiv 0 \pmod p$ implies $(m/p)\,g(x) \equiv 0 \pmod m$. And $(m/p)\,g(x)$
$\pmod m$ is nonzero because there exists $x \in \{0,1\}^n$ such that $g(x) \not\equiv 0 \pmod p$,
which implies $(m/p)\,g(x) \not\equiv 0 \pmod m$.

For the other direction, we need to show the weak mod-$m$ degree of $f$ is not
less than the minimum of the weak mod-$p$ degree. Suppose $g \in \mathbb{Z}[x_1, \ldots, x_n]$ is
some multilinear polynomial weakly representing $f$ with minimum degree $d$. We
shall prove that there exists some $g' \in \mathbb{Z}[x_1, \ldots, x_n]$ weakly representing $f$ mod $p$
with degree $\le d$.

Let $x$ be any input such that $g(x)$ is nonzero modulo $m$. By the Chinese
Remainder Theorem, for some maximal prime power $q$ of $m$, $g(x)$ is nonzero
modulo $q$, so $g$ is a nonzero polynomial modulo $q$.

Now suppose that $q$ is a power of the prime $p$. If $g$ is a nonzero polynomial modulo $p$ as well,
then we are done by letting $g' = g$. If $g$ as a function is zero modulo $p$ but not
modulo $q$, then it is easy to see that every coefficient of $g$ must be zero modulo
$p$; if not, take a monomial $S$ such that for every $T \subset S$, the coefficient of $T$ is
zero, then the input such that $x_i = 1$ iff $i \in S$ must have nonzero value modulo
$p$. Thus, if $g$ is zero as a function modulo $p$, but not modulo $q$, its coefficients
are all divisible by $p$, and the integer polynomial $g/p$ is nonzero modulo $q/p$. By
iterating this, eventually we obtain a divisor $g'$ of $g$ which is nonzero modulo $p$,
and hence $g'$ has degree not greater than that of $g$. □



3 Lower Bound for $\mathrm{MOD}_q$

Consider the following quotient of the polynomial ring,
$R := F_p[x_1, \ldots, x_n]/(x_1^2 = x_1, \ldots, x_n^2 = x_n)$, sometimes called the Razborov-Smolensky ring. Each element
of $R$ has a unique multilinear polynomial representative, and generally we identify
an element of $R$ with this representative. Each polynomial also determines
a map from $\{0,1\}^n \to F_p$ by evaluation, and in fact this induces an isomorphism
of $F_p$-algebras between $R$ and the algebra of functions $\{0,1\}^n \to F_p$. So we also
will often identify an element of $R$ with the function it computes on Boolean inputs.
Sometimes authors define the $\mathrm{MOD}_q$ function slightly differently in different
contexts, and here we will focus on this one first:

Definition 3.1. Let $\chi_q$ denote the element of $R$ defined by

$$\chi_q(x_1, \ldots, x_n) := \begin{cases} 1 & \text{if } \sum_i x_i \equiv 0 \pmod q \\ 0 & \text{otherwise} \end{cases} \qquad (1)$$

Then, by definition, the immunity/weak $p$-degree of $\chi_q$ is the smallest degree
of a nontrivial element of the ideal generated by $\chi_q$ in $R$.

Observation 3.2. $f \in (\chi_q)$ iff $f = f \cdot \chi_q$.

Proof. By definition, $f \in (\chi_q)$ iff $f = g \cdot \chi_q$ for some $g$, so ($\Leftarrow$) holds. Now let's
do ($\Rightarrow$). Since $\chi_q$ is zero-one valued, $\chi_q^2 = \chi_q$, so $f \cdot \chi_q = g \cdot \chi_q^2 = g \cdot \chi_q = f$, so
($\Rightarrow$) holds as well. □

Following the general Razborov-Smolensky methodology, let $\omega$ denote a
primitive $q$'th root of unity found in some large enough extension field of $F_p$
(if $F_p$ did not already contain $\omega$, observe that $(\chi_q)$ contains only more polynomials
when we work over a larger field). Note that this does not require that $q$
be a prime. Define new variables $y_i := 1 + (\omega - 1)x_i$. Then the $y_i$ are elements of
$R$, but also $x_i$ is determined by $y_i$, so if we like, for any function $f(x) \in R$, we can
think of it as a function $f(y) : \{1, \omega\}^n \to F_p$. Of course it has a unique multilinear
representation in the variables $y_i$ as well. While the coefficients might look
different, its degree in this representation must be the same, because the degree
of a polynomial cannot increase under a linear transformation of the variables,
and our linear transformation is invertible.

We will also introduce variables $y'_i := 1 + (\omega^{-1} - 1)x_i$, and by the same
reasoning, we know that for any $f \in R$, its degree as represented in the $x_i$, $y_i$,
or $y'_i$ is the same. Note also that $y_i \cdot y'_i = 1$ as elements of $R$.

Observation 3.3. $f \in (\chi_q)$ iff $f = f \cdot \prod_i y'_i$.

Proof. Think of $\prod_i y'_i$ as a function in the $x$-variables. Because $\omega$ is a $q$'th root
of unity, $\prod_i y'_i \ne 1$ if and only if $\chi_q = 0$. Thus, $\chi_q \cdot (\prod_i y'_i - 1) = 0$. Therefore,
for any $f \in (\chi_q)$,

so $f \cdot \prod_i y'_i = f$. □

Now we use this to prove the main result. 
Theorem 3.4. If $f \in (\chi_q)$, then $f = 0$ or $f$ has degree $\ge n/2$.

Proof. Suppose not. Consider $f$'s representation as a polynomial in the $y_i$,

$$f = \sum_S c_S \prod_{i \in S} y_i.$$

For any monomial $S$, we have that

$$\prod_{i \in S} y_i \cdot \prod_i y'_i = \prod_{i \notin S} y'_i.$$

Since $f = f \cdot \prod_i y'_i$, we deduce that $f$'s representation as a $y'_i$ polynomial is

$$f = \sum_S c_S \prod_{i \notin S} y'_i.$$

If the polynomial $f(y)$ is nonzero and has degree less than $n/2$, then this polynomial
representation of $f(y')$ has at least one nonzero monomial of degree strictly
larger than $n/2$, and so has degree greater than $n/2$. But this is a contradiction,
since as we saw before, the degree of the polynomials $f(y)$ and $f(y')$ must be
the same, as they are linear transformations of one another. □

Note that nowhere did we assume that $q$ was not composite, only that it is
coprime with $p$, which is sufficient to find a $q$'th root of unity in a large enough
extension of $F_p$.

The idea in the above proof also can be used to show an upper bound on the
immunity of $\neg\chi_q$. Again, $\omega$ is a $q$th root of unity, and $y_i = (\omega - 1)x_i + 1$ and
$y'_i = (\omega^{-1} - 1)x_i + 1$, which is the inverse of $y_i$. It's easy to see that

$$\prod_{i \le n/2} y_i = \prod_{i > n/2} y'_i$$

holds for all $x$ with $|x| \equiv 0 \pmod q$, since $1 = \prod_{i \le n} y_i = \prod_{i \le n/2} y_i \left(\prod_{i > n/2} y'_i\right)^{-1}$,
which implies

$$\prod_{i \le n/2} y_i - \prod_{i > n/2} y'_i \in (\neg\chi_q).$$

Thus, the immunity of $\neg\chi_q$ is upper bounded by $\lceil n/2 \rceil$.

The tightness of the lower bound $n/2$ is shown by the following example.
Let $n$ be even and $n/2 \equiv 0 \pmod q$, and let

$$g = \prod_{i=1}^{n/2} (x_{2i-1} - x_{2i}).$$

It's easy to see $g \in (\chi_q)$, because $g(x) = 0$ for all $x$ with $|x| \ne n/2$, and thus,
$g(x) = 0$ for all $x$ with $|x| \not\equiv 0 \pmod q$.

4 Symmetrization 

One key ingredient of our improved lower bound for $\neg\chi_q$ is the fact that we can
symmetrize any function in a symmetric ideal, where a symmetric ideal is an ideal
generated by a symmetric function. If the characteristic of the field is zero, this
is trivial, for we can sum over all permutations of some given function to
obtain a symmetric one without increasing the algebraic degree. When working
over a finite field, this averaging technique does not work because we may get a
zero function.

However, we can still symmetrize an annihilator to some simple form, as
the following lemma says. The following lemma is proved by Feng and Liu in the
case of Boolean functions, that is, $F = F_2$ [S|. For the ring
$F[x_1, \ldots, x_n]/(x_1^2 = x_1, \ldots, x_n^2 = x_n)$, the proof is almost the same. The idea is to symmetrize step
by step in order to avoid getting a zero function, in contrast to summing over
all permutations in the case of characteristic zero.

Lemma 4.1. If $f \in F[x_1, \ldots, x_n]/(x_1^2 = x_1, \ldots, x_n^2 = x_n)$ is a symmetric
function, there is a lowest degree $g$ in $(f)$ of the following form

$$g = g' \prod_{i=1}^{\ell} (x_{2i-1} - x_{2i}), \qquad (2)$$

where $g'$ is a symmetric function on variables $x_{2\ell+1}, \ldots, x_n$.

Proof. Prove by construction. Let $g$ be a function in $(f)$ with lowest degree.
If $g$ is symmetric, then we are done. Thus assume $g$ is not symmetric. Since
the symmetric group $S_n$ is generated by all transpositions $(i, j)$, $1 \le i < j \le n$,
the assumption that $g$ is not symmetric implies there exists some transposition
$\pi = (i, j)$ such that $\pi(g) \ne g$. Let

$$g' = g - \pi(g) \ne 0.$$

In fact, $g' = (x_i - x_j)h$, where $h$ is a symmetric function on $\{x_1, \ldots, x_n\} \setminus \{x_i, x_j\}$.
To see this, write $g = g_0 + g_1 x_i + g_2 x_j + g_3 x_i x_j$, where $g_0, g_1, g_2, g_3$ are
functions on $\{x_1, \ldots, x_n\} \setminus \{x_i, x_j\}$. And thus $\pi(g) = g_0 + g_1 x_j + g_2 x_i + g_3 x_i x_j$,
which implies

$$g - \pi(g) = (x_i - x_j)(g_1 - g_2).$$

Repeat this procedure on $h = g_1 - g_2$ until one gets a symmetric function.
Finally, we find a function $g$ in the ideal $(f)$ with the following form

$$g = g' \prod_{j=1}^{\ell} (x_{t_{2j-1}} - x_{t_{2j}}),$$

where the indexes $t_1, t_2, \ldots, t_{2\ell}$ can take $1, 2, \ldots, 2\ell$ because we could apply a permutation
$\pi$ to $g$ which sends $t_i$ to $i$, which is in the ideal $(\pi(f)) = (f)$ for $f$ is invariant
under all permutations. □

The above lemma has the following consequence. In order to lower bound
the degree of nonzero functions in some symmetric ideal $(f)$ in $R$, we only
need to consider all functions of the form $g = g' \prod_{i=1}^{\ell} (x_{2i-1} - x_{2i})$, where $g'$
is symmetric on variables $x_{2\ell+1}, \ldots, x_n$. The fact that $f(x) = 0 \Rightarrow g(x) =
g' \prod_{i=1}^{\ell} (x_{2i-1} - x_{2i}) = 0$ is equivalent to $f|_\rho(x) = 0 \Rightarrow g'(x) = 0$, where $\rho$ is the
restriction setting $x_1 = x_3 = \ldots = x_{2\ell-1} = 0$ and $x_2 = x_4 = \ldots = x_{2\ell} = 1$, that
is, $g'$ is in the ideal $(f|_\rho)$. Therefore, we have the following corollary.

Corollary 4.2. Let $f \in F[x_1, \ldots, x_n]/(x_1^2 = x_1, \ldots, x_n^2 = x_n)$ be a symmetric
function. The lowest degree of a nonzero function in $(f)$ equals the minimum
of $\deg(g) + \ell$, where $g \in (f|_\rho)$ and $\rho$ ranges over all restrictions setting
$x_1 = x_3 = \ldots = x_{2\ell-1} = 0$ and $x_2 = x_4 = \ldots = x_{2\ell} = 1$, $0 \le \ell \le n/2$.



5 Lower Bound for $\neg\mathrm{MOD}_q$

By Corollary 4.2, in order to prove that a symmetric $f$ has immunity not less than
$d$, it's equivalent to prove any nonzero symmetric function in $(f|_{\rho_i})$ has degree
not less than $d - i$, for $i = 0, 1, \ldots, \min\{\lfloor n/2 \rfloor, d\}$, where the restriction $\rho_i$ sets
$x_1, x_3, \ldots, x_{2i-1}$ to 1, and $x_2, x_4, \ldots, x_{2i}$ to 0.

It's easily checked that if the truth value table of a symmetric function $f$ is

$$v_f = (v_f(0), v_f(1), \ldots, v_f(n)) \in F^{n+1},$$

then the truth value table of $f|_{\rho_i}$ is

$$v_{f|_{\rho_i}} = (v_f(i), v_f(i+1), \ldots, v_f(n-i)) \in F^{n+1-2i}.$$

Assume the function $g$ is a symmetric function in $(f)$ of degree less than $d$, and
we can write $g = \sum_{i=0}^{d-1} c_i \sigma_i$, where $\sigma_i$ is the elementary symmetric polynomial
of degree $i$. For convenience, we define the function $\psi_d : \mathbb{N} \to F^d$ by

$$\psi_d(i) = \left( \binom{i}{0}, \binom{i}{1}, \ldots, \binom{i}{d-1} \right),$$

which is the evaluation of $\sigma_0, \sigma_1, \ldots, \sigma_{d-1}$ at value $i$. The fact $g \in (f)$ implies
$g(w) = 0$ for all $w$ with $v_f(w) = 0$, that is

$$\begin{pmatrix} \psi_d(i_1) \\ \psi_d(i_2) \\ \vdots \\ \psi_d(i_t) \end{pmatrix}_{t \times d} \begin{pmatrix} c_0 \\ c_1 \\ \vdots \\ c_{d-1} \end{pmatrix} = 0,$$

where $v_f(i_1) = \ldots = v_f(i_t) = 0$. Therefore, $(\neg\chi_q)$ has a nonzero symmetric
function of degree less than $d$ if and only if the rank of $\{\psi_d(w) : \chi_q(w) = 1\}$
is smaller than $d$. It turns out the rank of $\{\psi_d(w) : \chi_q(w) = 1\}$ is always full
(equals the number of vectors).

The lower bound on the immunity of $\neg\chi_q$ follows from the following lemma. We
will present two proofs of the following lemma, and the first one is much simpler.
However, we are reluctant to discard the second one since it has a byproduct as
we will later see.

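Lemma 5.1. Fix a prime $p$. Let integers $a \ge 0$ and $d > 0$, and $q$ be coprime to
$p$. The vectors

$$\psi_d(a), \psi_d(a+q), \ldots, \psi_d(a+(d-1)q) \in F_p^d$$

form a basis of $F_p^d$.

Proof. It suffices to prove the determinant of $\psi_d(a), \psi_d(a+q), \ldots, \psi_d(a+(d-1)q)$
is nonzero, which turns out to have a simple closed form.

For convenience, let $a_i = a + iq$.

$$\det \begin{pmatrix} \binom{a_0}{0} & \binom{a_0}{1} & \cdots & \binom{a_0}{d-1} \\ \binom{a_1}{0} & \binom{a_1}{1} & \cdots & \binom{a_1}{d-1} \\ \vdots & \vdots & & \vdots \\ \binom{a_{d-1}}{0} & \binom{a_{d-1}}{1} & \cdots & \binom{a_{d-1}}{d-1} \end{pmatrix}
= \prod_{j=0}^{d-1} \frac{1}{j!} \det \begin{pmatrix} 1 & a_0 & \cdots & a_0(a_0-1)\cdots(a_0-d+2) \\ 1 & a_1 & \cdots & a_1(a_1-1)\cdots(a_1-d+2) \\ \vdots & \vdots & & \vdots \\ 1 & a_{d-1} & \cdots & a_{d-1}(a_{d-1}-1)\cdots(a_{d-1}-d+2) \end{pmatrix}$$

$$= \prod_{j=0}^{d-1} \frac{1}{j!} \det \begin{pmatrix} 1 & a_0 & \cdots & a_0^{d-1} \\ 1 & a_1 & \cdots & a_1^{d-1} \\ \vdots & \vdots & & \vdots \\ 1 & a_{d-1} & \cdots & a_{d-1}^{d-1} \end{pmatrix}
= \prod_{j=0}^{d-1} \frac{1}{j!} \prod_{0 \le i < j \le d-1} (a_j - a_i) = q^{d(d-1)/2},$$

which is nonzero for $q$ is coprime to $p$. In the above calculation, the first step is
by the definition of binomial coefficients; the second step is by adding column
$i$ to column $i + 1$ for $i = 1, 2, \ldots, d - 1$; and the third step is by the Vandermonde
determinant formula. □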

Now we can calculate the immunity of $\neg\chi_q$, which is defined to be the minimal
degree of a nonzero function in the ideal $(\neg\chi_q)$.

Theorem 5.2. Let $p$ be a prime, and $q \ge 2$ an integer coprime to $p$. The
immunity of $\neg\chi_q$ over $F_p$ is $\lfloor (n+q-1)/q \rfloor$, which is independent of $p$.

Proof. By Lemma 5.1, the minimal degree of nonzero symmetric function in
$(\neg\chi_q)$ is the weight of $\chi_q$, which is $\lfloor n/q \rfloor + 1$; the minimal degree of nonzero
symmetric function in $(\neg\chi_q|_{\rho_1})$ is the weight of $\chi_q|_{\rho_1}$, which is $\lfloor (n-1)/q \rfloor$; ...; the
minimal degree of nonzero symmetric function in {~^Xq\ ^ '" ' " * ' ' *~ 
Therefore, the immunity of $\neg\chi_q$ is



i«L^J-L^J- 



mm{L-J+l, L J-L- 

q q 



1 



1, 



■,K2J}, 



min{[ 



n + q - 1 



J}, 



which is easy to check. 



□ 
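The following Python is an added example, not code from the paper: it brute-forces the immunity over $F_p$ for small $n$ (the least $d$ for which a nonzero multilinear polynomial of degree at most $d$ vanishes on the zero set of $f$) and checks Theorem 3.4, Lemma 5.1 and Theorem 5.2 numerically. All function names are chosen here for illustration.

```python
from itertools import combinations, product
from math import comb


def rank_mod_p(rows, p):
    """Rank over F_p (p prime) of an integer matrix given as a list of rows."""
    m = [[v % p for v in r] for r in rows]
    rank = 0
    for col in range(len(m[0]) if m else 0):
        pivot = next((i for i in range(rank, len(m)) if m[i][col]), None)
        if pivot is None:
            continue
        m[rank], m[pivot] = m[pivot], m[rank]
        inv = pow(m[rank][col], -1, p)          # modular inverse of the pivot
        m[rank] = [(v * inv) % p for v in m[rank]]
        for i in range(len(m)):
            if i != rank and m[i][col]:
                factor = m[i][col]
                m[i] = [(a - factor * b) % p for a, b in zip(m[i], m[rank])]
        rank += 1
    return rank


def immunity(f, n, p):
    """Smallest degree of a nonzero element of the ideal (f) in
    F_p[x_1..x_n]/(x_i^2 = x_i), i.e. of a nonzero multilinear g with
    g(x) = 0 whenever f(x) = 0. Returns None if f is identically zero."""
    zeros = [x for x in product((0, 1), repeat=n) if f(x) == 0]
    monomials = []                               # index sets S, by degree
    for d in range(n + 1):
        monomials += combinations(range(n), d)
        # Row per zero of f, column per monomial of degree <= d.
        matrix = [[int(all(x[i] for i in s)) for s in monomials] for x in zeros]
        # A nontrivial kernel vector is a nonzero g of degree <= d in (f).
        if rank_mod_p(matrix, p) < len(monomials):
            return d
    return None


def mod_q(q):
    """chi_q of Definition 3.1: 1 iff the Hamming weight is 0 mod q."""
    return lambda x: int(sum(x) % q == 0)


def not_mod_q(q):
    """The negation of chi_q."""
    return lambda x: int(sum(x) % q != 0)


def psi(d, i, p):
    """psi_d(i) = (C(i,0), ..., C(i,d-1)) reduced mod p."""
    return [comb(i, k) % p for k in range(d)]


def lemma_5_1_rank(a, d, q, p):
    """Rank over F_p of psi_d(a), psi_d(a+q), ..., psi_d(a+(d-1)q)."""
    return rank_mod_p([psi(d, a + j * q, p) for j in range(d)], p)


if __name__ == "__main__":
    p, q = 2, 3                                  # constructed sample parameters
    print("n  imm(MOD_q)  imm(not MOD_q)  floor((n+q-1)/q)")
    for n in range(1, 7):
        print(n, immunity(mod_q(q), n, p), immunity(not_mod_q(q), n, p),
              (n + q - 1) // q)
    # When p and q are not coprime the bound fails: over F_2 the parity
    # x1+x2+x3 vanishes on all even-weight inputs, so the immunity drops to 1.
    print("p = q = 2, n = 3:", immunity(not_mod_q(2), 3, 2))
```

The search is exponential in $n$ and is meant only for sanity checks at small sizes.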



Now, let's present the second proof of Lemma 5.1 by proving a more general
result about the rank of tensor products of matrices.

Definition 5.3. Call $A \in M_{n \times n}(F)$ a strong nondegenerate matrix if for any
$1 \le t \le n$ and $1 \le i_1 < \ldots < i_t \le n$, the submatrix $M(i_1, \ldots, i_t; 1, \ldots, t)$ always
has full rank $t$.

Call $A \in M_{n \times n}(F)$ a weak nondegenerate matrix if for any $1 \le t \le n$ and any
integer $a$, and any $q$ coprime to $n$, the submatrix $M(a, a+q, \ldots, a+(t-1)q; 1, \ldots, t)$
always has full rank $t$, where the row indexes are computed mod the size of
matrix $A$.

By the definition, a strong nondegenerate matrix is always weak nondegenerate.
The following theorem says we can construct many weak nondegenerate
matrices by taking tensor products of strong nondegenerate ones.

Theorem 5.4. The tensor product of strong nondegenerate matrices is weak
nondegenerate.

Proof. Suppose $A_1, \ldots, A_m$ are strong nondegenerate matrices, and $q > 0$ is
coprime to the size of each $A_i$. We need to prove the matrix

$$(A_1 \otimes \ldots \otimes A_m)(a, a+q, \ldots, a+(d-1)q; 1, \ldots, d)$$

has full rank $d$. Let $\ell$ be the size of $B$, and let $A_1$ be a $p \times p$ matrix, and thus $q$
is coprime to both $p$ and $\ell$.

Prove by induction on $m$. For the basis $m = 1$, the conclusion is trivial
by the definition of nondegenerate matrix. Let's assume it's true for $m - 1$,
and prove it for $m$. Let $B = A_2 \otimes \ldots \otimes A_m$. Recalling the definition of tensor
product,

$$A_1 \otimes B = \begin{pmatrix} a_{11}B & a_{12}B & \ldots & a_{1p}B \\ a_{21}B & a_{22}B & \ldots & a_{2p}B \\ \vdots & \vdots & & \vdots \\ a_{p1}B & a_{p2}B & \ldots & a_{pp}B \end{pmatrix} \qquad (3)$$

Let $d = \lfloor d/\ell \rfloor \ell + d'$.

Case 1: $d < \ell$. By the definition of non-degenerate matrix (Definition
5.3), $a_{i1}$, $i = 1, \ldots, p$, are nonzero in the field $F$. Thus,

$$\langle A(a; 1, \ldots, d), A(a+q; 1, \ldots, d), \ldots, A(a+(d-1)q; 1, \ldots, d) \rangle$$
$$= \langle B(a; 1, \ldots, d), B(a+q; 1, \ldots, d), \ldots, B(a+(d-1)q; 1, \ldots, d) \rangle,$$

which has full rank by the induction hypothesis on $m - 1$.

Case 2: $d > \ell$ and $d' = 0$. Since $q$ is coprime to $p\ell$, the $d = \lfloor d/\ell \rfloor \ell$ numbers
$a, a+q, \ldots, a+(d-1)q$ run over $\{0, 1, \ldots, \ell-1\}$ exactly $t = d/\ell$ times, which
implies for any $j \in \{0, 1, \ldots, \ell-1\}$, there exist $t$ distinct numbers $i_1, i_2, \ldots, i_t \in
\{a, a+q, \ldots, a+(d-1)q\}$ which are congruent to $j$ mod $\ell$.

For convenience, let $B(i)$ denote the $i$th row of $B$, and let

$$B^{(c)}(i) = (0, \ldots, 0) \oplus B(i) \oplus (0, \ldots, 0),$$

where $B(i)$ is preceded by $(c-1)\ell$ zeros and followed by $(t-c)\ell$ zeros, and
$c = 1, \ldots, t$. Let $F^d = S_1 \oplus \cdots \oplus S_t$, where $S_i$ is the subspace of $F^d$ of
dimension $\ell$, generated by $e_{(i-1)\ell+1}, \ldots, e_{i\ell}$.
By the definition of tensor product (3),

$$A(i_1; 1, \ldots, d) = a_{i'_1,1} B^{(1)}(j) + a_{i'_1,2} B^{(2)}(j) + \ldots + a_{i'_1,t} B^{(t)}(j)$$
$$A(i_2; 1, \ldots, d) = a_{i'_2,1} B^{(1)}(j) + a_{i'_2,2} B^{(2)}(j) + \ldots + a_{i'_2,t} B^{(t)}(j)$$
$$\vdots$$
$$A(i_t; 1, \ldots, d) = a_{i'_t,1} B^{(1)}(j) + a_{i'_t,2} B^{(2)}(j) + \ldots + a_{i'_t,t} B^{(t)}(j),$$

where $i'_k = \lfloor i_k/\ell \rfloor$. Since the matrix $A_1$ is non-degenerate, the coefficient matrix
$(a_{i'_j,k})_{j,k=1,\ldots,t}$ is invertible, which implies

$$\langle B^{(1)}(j), \ldots, B^{(t)}(j) \rangle \subseteq \langle A(i_1; 1, \ldots, d), \ldots, A(i_t; 1, \ldots, d) \rangle$$
$$\subseteq \langle A(a; 1, \ldots, d), \ldots, A(a+(d-1)q; 1, \ldots, d) \rangle.$$

Since $j \in \{0, \ldots, \ell-1\}$ is arbitrary, we have that $B^{(c)}(0), \ldots, B^{(c)}(\ell-1)$, $c = 1, \ldots, t$,
are in the linear span of $A(a; 1, \ldots, d), \ldots, A(a+(d-1)q; 1, \ldots, d)$. By the induction
hypothesis, $B^{(c)}(0), \ldots, B^{(c)}(\ell-1)$ is a basis of the subspace $S_c$ of dimension $\ell$ in
$F^d$; since $F^d$ is the direct sum of $S_1, \ldots, S_t$, we complete the proof of this case.

Case 3: $d > \ell$ and $d' > 0$. Since $q$ and $p\ell$ are coprime, the $d - d'$ numbers
$a + d'q, \ldots, a+(d-1)q$ run over $\{0, 1, \ldots, \ell-1\}$ exactly $t = \lfloor d/\ell \rfloor$ times,
and the extra $d'$ numbers $a, \ldots, a+(d'-1)q$ are distinct mod $\ell$. This
implies for any $j \in \{a, \ldots, a+(d'-1)q\}$, there exist $t + 1$ distinct numbers
$i_1, i_2, \ldots, i_{t+1} \in \{a, a+q, \ldots, a+(d-1)q\}$ which are congruent to $j$ mod $\ell$.

Similar to Case 2, let $B(i)$ denote the $i$th row of $B$, and let

$$B^{(c)}(i) = (0, \ldots, 0) \oplus B(i) \oplus (0, \ldots, 0),$$

where $B(i)$ is preceded by $(c-1)\ell$ zeros and followed by $d - c\ell$ zeros, and
$c = 1, \ldots, t$. However, for $c = t + 1$, let

$$B^{(t+1)}(i) = (0, \ldots, 0) \oplus B(i; 1, \ldots, d'),$$

with $t\ell$ leading zeros.

Again, by the definition of tensor product (3),

$$A(i_1; 1, \ldots, d) = a_{i'_1,1} B^{(1)}(j) + a_{i'_1,2} B^{(2)}(j) + \cdots + a_{i'_1,t+1} B^{(t+1)}(j)$$
$$A(i_2; 1, \ldots, d) = a_{i'_2,1} B^{(1)}(j) + a_{i'_2,2} B^{(2)}(j) + \cdots + a_{i'_2,t+1} B^{(t+1)}(j)$$
$$\vdots$$
$$A(i_{t+1}; 1, \ldots, d) = a_{i'_{t+1},1} B^{(1)}(j) + a_{i'_{t+1},2} B^{(2)}(j) + \cdots + a_{i'_{t+1},t+1} B^{(t+1)}(j),$$

where $i'_k = \lfloor i_k/\ell \rfloor$. Since the matrix $A_1$ is non-degenerate, the coefficient matrix
$(a_{i'_j,k})_{j,k=1,\ldots,t+1}$ is invertible, which implies

$$\langle B^{(1)}(j), \ldots, B^{(t+1)}(j) \rangle \subseteq \langle A(i_1; 1, \ldots, d), \ldots, A(i_{t+1}; 1, \ldots, d) \rangle.$$

Since $j \in \{a, \ldots, a+(d'-1)q\}$ is arbitrary, we conclude that $B^{(t+1)}(a), \ldots, B^{(t+1)}(a+(d'-1)q)$
are in the linear span of $A(a; 1, \ldots, d), \ldots, A(a+(d-1)q; 1, \ldots, d)$.
By the induction hypothesis, $B^{(t+1)}(a), \ldots, B^{(t+1)}(a+(d'-1)q)$ is a basis of $S_{t+1}$.
After modding out $S_{t+1}$ from $F^d$, and repeating the argument as in Case 2, the proof
is complete. □

Lemma 5.1 follows from the above theorem by taking $A = \left(\binom{i}{j}\right)_{i,j=0,\ldots,p-1}$
and thus $\psi_d(i) = (A \otimes A \otimes \cdots \otimes A)(i; 1, \ldots, d)$ by the Lucas formula. The fact that
$A$ is a non-degenerate matrix can be shown by computing its determinant as in
the proof of Lemma 5.1.

6 Lower Bound for Symmetric Functions in $(\chi_q)$

By the result in Section 4, to lower bound the immunity of $\chi_q$, it's equivalent
to lower bound the degree of symmetric functions in the ideals $(\chi_q), (\chi_q|_{\rho_1}), \ldots$,
where $\rho_i$ is the restriction sending $x_{2j-1}$ to 0 and $x_{2j}$ to 1 for $j = 1, 2, \ldots, i$.
When restricting our attention to only symmetric functions, it becomes much
easier to deal with.

In this section, we will lower bound the degree of symmetric functions in
$(\chi_q)$, and the result here is not strong enough to prove the $\lceil n/2 \rceil$ lower bound for
every $n$. However, in some special cases, such as when $n + 1$ is a power of $p$, we will
prove a better lower bound on the degree of nonzero symmetric functions in $(\chi_q)$
which is close to optimal.

Let $f : \{0,1\}^n \to F$ be a symmetric function in $R$, and let $v_f : \{0, 1, \ldots, n\} \to F$
be its value vector, i.e., $v_f(|x|) = f(x)$. It's clear that any symmetric function
in $R$ can be written as a linear combination of elementary symmetric polynomials
$\sigma_0, \ldots, \sigma_n$, that is,

$$f(x) = \sum_{i=0}^{n} c_f(i)\, \sigma_i(x), \qquad (4)$$

where $c_f = (c_f(0), \ldots, c_f(n)) \in F^{n+1}$ is the vector of coefficients of $f$ in the above form.
Given $c_f$, the value of $v_f$ is determined by

$$v_f(i) = \sum_{j=0}^{i} \binom{i}{j} c_f(j). \qquad (5)$$

By a special case of Möbius inversion on the Boolean lattice, $c_f$ can be written
in terms of $v_f$ as follows,

$$c_f(i) = \sum_{j=0}^{i} (-1)^{i+j} \binom{i}{j} v_f(j). \qquad (6)$$

The following proposition is an immediate consequence of equations (5) and (6).

Proposition 6.1. There is a symmetric function in $R$ of degree less than $d$
supported only on points of Hamming weight in $S \subseteq \{0, 1, \ldots, n\}$ if and only if
there is a symmetric function in $R$ supported only on monomials of weight in $S$
which takes value zero on every input point of Hamming weight not less than $d$.

By the above proposition, the following lemma implies the lower bound on
the degree of symmetric functions in the ideal $(\chi_q)$, when $n + 1$ is a power of $p$.

Lemma 6.2. Let $f \in R$ be a nonzero symmetric function supported only on
monomials of weight in $S_a = \{a, a+q, a+2q, \ldots\} \subseteq \{0, 1, \ldots, N = p^n - 1\}$,
which takes value zero on every input point of Hamming weight not less than $d$.
Then,

pi 

where $\ell = \lfloor \log_p(q-1) \rfloor$.

Proof. If $f$ is symmetric and supported only on monomials of weight in $S_a$, and
$w$ is an integer variable representing the weight $|x|$ of $x$, we can express
$f : \{0, 1, \ldots, N = p^n - 1\} \to F_p$ as

$$f(w) = \sum_k c_k \binom{w}{k}.$$

Now we employ Lucas' Theorem, in the mod $p$ case.
Claim 6.3.

$$\binom{w}{k} \equiv \prod_{i=0}^{n-1} \binom{w_i}{k_i} \pmod p,$$

where $w_i, k_i$ are the $i$'th digits in the $p$-adic representation of $w, k$ respectively.

It is easy to see that $\binom{w_i}{0} = 1$, $\binom{w_i}{1} = w_i$, ..., $\binom{w_i}{j} = w_i(w_i-1)\cdots(w_i-j+1)/j!$,
..., $\binom{w_i}{p-1} = w_i(w_i-1)\cdots(w_i-p+2)/(p-1)!$, which are linearly
independent in the polynomial ring $F_p[w_i]$. Let's view $\binom{w}{k}$ as a polynomial
in $w_0, w_1, \ldots, w_{n-1}$. From the linear independence of $\binom{w_i}{0}, \ldots, \binom{w_i}{p-1}$, we claim
the terms $\binom{w}{0}, \binom{w}{1}, \ldots, \binom{w}{p^n-1}$ are linearly independent as polynomials in $F_p[w_0, \ldots, w_{n-1}]$.

Let's write

and view it as a polynomial in $F_p[w_0, \ldots, w_{n-1}]$. We will show that if $c_k = 0$
except when $k \in S_a$, then $f$ takes a nonzero value of large Hamming weight as
a function $\{0, 1, \ldots, N\} \to F_p$. To achieve this, fix a parameter $\ell$. We will hit
$f$ with a restriction which sets the $\ell$ highest order digits of the input $w$ to $p - 1$;
if we can prove that the restricted polynomial is nonzero, it implies there is a
nonzero point of value at least $(p^\ell - 1)p^{n-\ell} = N(1 - p^{-\ell})$. Thus we would like
to do this with $\ell$ as large as possible. Let $\rho$ denote this restriction.

What happens when we restrict a term (here, term specifically refers to
a multiple of $\binom{w}{0}, \binom{w}{1}, \ldots, \binom{w}{p^n-1}$) and obtain $\prod_{i=0}^{n-1} \binom{w_i}{k_i}\big|_\rho$? We get exactly
the term $\prod_{i=n-\ell}^{n-1} \binom{p-1}{k_i} \prod_{i=0}^{n-\ell-1} \binom{w_i}{k_i}$, where the constant factor $\prod_{i=n-\ell}^{n-1} \binom{p-1}{k_i}$ is
always nonzero. Thus, this linear map maps every term to (a nonzero multiple
of) a term. If all terms corresponding to $a, a+q, a+2q, \ldots$ map to distinct
terms, it implies this map is injective on the domain of all such $f$, and thus that
the image of a nonzero $f$ is a nonzero polynomial as desired.

When do the terms corresponding to two numbers $a + k_1 q, a + k_2 q$ map
to the same term under this restriction? As we saw, this happens if and only if
they agree on their $n - \ell$ lowest order digits, which happens if and only if $p^{n-\ell}$
divides $(k_1 - k_2)q$. Since $q$ is coprime to $p$, this implies $p^{n-\ell}$ divides $k_1 - k_2$. But
$k_1 - k_2 \le N/q$. Thus $\ell < \log_p q$ implies this can only happen if $k_1 - k_2 = 0$, that is, the
map is injective. Therefore, we take $\ell = \lfloor \log_p(q-1) \rfloor$, which is the maximal
integer less than $\log_p q$, and our conclusion follows.

□

As a consequence of the above lemma and Proposition 6.1, we can lower
bound the degree of a symmetric nonzero function in the ideal $(\chi_q)$, when $n + 1$
is a power of $p$.

Corollary 6.4. Let $n \ge 1$ be an integer such that $n + 1$ is a power of $p$. Let
$f \in (\chi_q)$ be a nonzero symmetric function, then

$$\deg(f) \ge n\left(1 - \frac{1}{p^\ell}\right),$$

where $\ell = \lfloor \log_p(q-1) \rfloor$.

In the case that $n + 1$ is a power of $p$, and $q + 1$ is a power of $p$, the above
corollary gives lower bound n(l zr), which is close to the optimal. Because
if we view $\chi_q$ as a symmetric function from $\{0, 1, \ldots, n\}$ to $F$, it takes zero
on $n - \lfloor n/q \rfloor - 1$ points, which implies there must exist a nonzero symmetric
function in $(\chi_q)$ of degree $n - \lfloor n/q \rfloor - 1$ by solving $n - \lfloor n/q \rfloor - 1$ equations in $n - \lfloor n/q \rfloor$
variables in the form (4).

In the case that $n + 1$ is not a power of $p$, we can reduce to the former case
by applying a restriction $\rho$ with support size $n'$ such that $n - n' + 1$ is a power
of $p$. However, we may lose a lot if $n + 1$ is much above a power of $p$.

Corollary 6.5. Let $n \ge 1$ be an integer, and $n' = n + 1 - p^{\lfloor \log_p(n+1) \rfloor}$, and thus
$n - n' + 1$ is a power of $p$. Let $f \in (\chi_q)$ be a nonzero symmetric function, then

$$\deg(f) \ge (n - n')\left(1 - \frac{1}{p^\ell}\right),$$

where $\ell = \lfloor \log_p(q-1) \rfloor$.

Proof. Let $f \in (\chi_q)$ be a nonzero symmetric function with minimum degree. Let
$\rho$ be a restriction that restricts $n'$ bits to constants, either 0 or 1, such that $f|_\rho \ne 0$. It's
easy to see such a restriction exists, because if all restrictions of size $n'$ restrict $f$
to zero, then $f$ is a zero function. Moreover, $f|_\rho$ is also symmetric, and in the
ideal $(\chi_q|_\rho)$. By Proposition 6.1 and Lemma 6.2, we know that

$$\deg(f|_\rho) \ge (n - n')\left(1 - \frac{1}{p^\ell}\right).$$

The conclusion follows by observing $\deg(f|_\rho) \le \deg(f)$. □

7 Immunity and Circuit Lower Bound 

The following is a classical result due to Razborov, which says functions computed
by $AC^0[p]$ circuits correlate with low degree polynomials over
$F_p[x_1, \ldots, x_n]/(x_1^2 = x_1, \ldots, x_n^2 = x_n)$.

Theorem 7.1. \W Let $C$ be an $AC^0[p]$ circuit of size $S$ and depth $d$. For every
$\ell > 0$, there is a polynomial $p(x)$ in $F_p[x_1, \ldots, x_n]/(x_1^2 = x_1, \ldots, x_n^2 = x_n)$ of
degree at most $((p-1)\ell)^d$ such that

$$\Pr[C(x) \ne p(x)] \le \frac{S}{2^\ell}.$$

Therefore, one approach to prove $AC^0[p]$ circuit lower bounds is to prove
correlation bounds for low degree polynomials. In Smolensky's 1993 paper [TT],
he proved that the Hilbert function is an "invariant" for low degree polynomials.

Definition 7.2. Fix the field $F$. The Hilbert function $h_m(S)$, where $S \subseteq
\{0,1\}^n$, is defined as the dimension of the following subspace

$$\{f|_S : f \in F[x_1, \ldots, x_n]/(x_1^2 = x_1, \ldots, x_n^2 = x_n), \deg(f) \le m\}.$$

Smolensky proved that a high Hilbert function implies a correlation bound with
low degree polynomials.

Theorem 7.3. [H] The distance of $f$, where $S$ is the zero set of $f$, to any
degree $d$ polynomial (all nonzero values are viewed as 1) is lower bounded by

$$2h_m(S) - |S|,$$

where $m \le (n - d - 1)/2$.

The following observation relates the Hilbert function with immunity. By the
definition of the Hilbert function,

$$h_m(S) = \dim\{f|_S : \deg(f) \le m\} = \binom{n}{\le m} - \dim\{f \in (S) : \deg(f) \le m\},$$

where $(S)$ denotes the ideal of functions vanishing on $S$, and $\binom{n}{\le m} = \sum_{i \le m} \binom{n}{i}$.
If the immunity of $S$ is greater than $m$, which means $\dim\{f \in (S) : \deg(f) \le
m\} = 0$, then $h_m(S)$ achieves the maximal value $\binom{n}{\le m}$.

Since the immunity of $\chi_q$ is lower bounded by $n/2$, $h_m(S) = \binom{n}{\le m}$ for any
$m = (n - d - 1)/2 < n/2$, where $S$ is the zero set of $\chi_q$. For all $d = o(\sqrt{n})$, we
have

$$2h_m(S) - |S| = 2\binom{n}{\le m} - 2^n\left(1 - \frac{1}{q} + o(1)\right)$$
$$= 2^n(1 - o(1)) - 2^n\left(1 - \frac{1}{q} + o(1)\right)$$
$$= \frac{2^n}{q} - o(2^n).$$

By Theorem 7.3, the function $\chi_q$ is different from any degree $o(\sqrt{n})$ polynomial
on at least $2^n(1/q - o(1))$ points. Taking $\ell = O(\log n)$ and $S = n^{O(1)}$ in
Theorem 7.1, $C(x)$ can be approximated by a degree-$o(\sqrt{n})$ function with error
$o(1)$. Combining these two facts implies any polynomial size $AC^0[p]$ circuit can
only output the correct answer on at most $2^n(1 - 1/q + o(1))$ points, and this
was proved by Smolensky pTj.

Note that the above argument works as long as the Boolean function $f$ has immunity
$\ge n/2 - o(\sqrt{n})$ and $|1_f| = \Omega(2^n)$; then $f$ has an exponential $AC^0[p]$ circuit lower
bound.

For another example, let's consider the $q$th residue character function $A_q : \{0,1\}^n \to \{0,1\}$ on the finite field $F_{2^n}$. Fix a basis $b_1, \ldots, b_n$ of $F_{2^n}$ over $F_2$. The map $\phi : \{0,1\}^n \to F_{2^n}$ is defined as

$$\phi(x) = \sum_{i=1}^{n} x_i b_i.$$

Then $A_q(x) = 1$ if and only if there exists $y \in F_{2^n}$ such that $y^q = x$. Kopparty [6] proved an exponential $AC^0[\oplus]$ circuit lower bound for the $q$th residue character over $F_{2^n}$. In fact, he proved something stronger, which is a lower bound for computing a large power in $F_{2^n}$. Here, we present a simple proof by immunity. Carlet and Feng [3] prove that the quadratic residue function has one-sided immunity not less than $n/2$, and their proof also works for the $q$th residue character function. Since it is a nice and simple proof, we reproduce it here.

Theorem 7.4. Assume $q$ divides $2^n - 1$. The immunity of $\neg A_q(x)$ over $F_2$ is greater than $d$, as long as $\binom{n}{\le d} < 2^n/q$.

Proof. Let $f$ be a polynomial in $(\neg A_q(x))$ with degree $\le d$; we shall prove $f = 0$.

The trick is to view $f$ as a function $\tilde{f}$ from $F_{2^n} \to F_{2^n}$ via the natural map $\phi$, given the basis $b_1, \ldots, b_n$ of $F_{2^n}$ over $F_2$. Given $f : F_2^n \to F_2$, define $\tilde{f} : F_{2^n} \to F_{2^n}$ by

$$\tilde{f}(x) = f(x_1, x_2, \ldots, x_n),$$

where $x = x_1 b_1 + \cdots + x_n b_n$. It is easy to see that any function from $F_{2^n} \to F_{2^n}$ can be written as a univariate polynomial of degree less than $2^n$. Thus, write



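$$\tilde{f}(x) = \sum_{0 \le i \le 2^n - 1} c_i x^i = \sum_{0 \le i \le 2^n - 1} c_i \Big(\sum_{j=1}^{n} x_j b_j\Big)^{\sum_s i_s 2^s} = \sum_{0 \le i \le 2^n - 1} c_i \prod_{s=0}^{n-1} \Big(\sum_{j=1}^{n} x_j b_j^{2^s}\Big)^{i_s}, \qquad (7)$$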



where $i = \sum_s i_s 2^s$ is the binary representation of $i$. Imagining (7) is expanded, it is easy to see that the coefficient of $\prod_{i \in S} x_i$ for any $S \subseteq [n]$ should be in $\{0, 1\}$, and that the expansion coincides with the expansion of $f : F_2^n \to F_2$, for they take the same value on every $x_1, \ldots, x_n$. From this, we see that the degree of $f : F_2^n \to F_2$ is

$$\max\{w_2(i) : c_i \ne 0\},$$

where $w_2(i)$ is defined as the number of 1's in the binary representation of $i$. Hence, assume

$$\tilde{f}(x) = \sum_{0 \le i \le 2^n - 1} c_i x^i,$$

and we will show $\tilde{f}(x) = 0$, that is, $c_i = 0$ for all $i$.

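Let $\xi$ be a primitive root of $F_{2^n}$. Since $f$ is in $(\neg A_q(x))$, $\tilde{f}$ has to take the value $0$ on $\xi^{0}, \xi^{q}, \xi^{2q}, \ldots, \xi^{2^n - 1 - q}$, that is,

$$\begin{pmatrix} \xi^{q i_1} & \xi^{q i_2} & \cdots & \xi^{q i_m} \\ \vdots & \vdots & & \vdots \\ \xi^{t q i_1} & \xi^{t q i_2} & \cdots & \xi^{t q i_m} \end{pmatrix} \begin{pmatrix} c_{i_1} \\ \vdots \\ c_{i_m} \end{pmatrix} = 0, \qquad (8)$$

where $t = (2^n - 1)/q$ and $i_1, \ldots, i_m$ enumerates all $i$ with $w_2(i) \le d$. By the assumption $\binom{n}{\le d} < 2^n/q$, we have $m \le t$. Since the matrix on the left hand side of (8) has full rank $m$ by the Vandermonde determinant formula, $c_{i_1} = c_{i_2} = \cdots = c_{i_m} = 0$, which completes the proof. □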



Let $S$ be the one-set of $A_q$. For an integer $m$ such that $\binom{n}{\le m} > 2^n/q$, by the above theorem, we have

$$2h_m(S) - |S| \ge 2h_{m'}(S) - |S| \ge 2^n\Big(\frac{1}{q} - o(1)\Big),$$

where $m'$ is the largest integer such that $\binom{n}{\le m'} < 2^n/q$, and thus $m' = n/2 - \Theta(\sqrt{n})$ for fixed $q$. Combining with Theorem 7.3, the function $A_q$ differs from any degree $o(\sqrt{n})$ polynomial at $2^n(1/q - o(1))$ points. Following the same argument as we did for the MOD function, any polynomial size $AC^0[\oplus]$ circuit can agree with $A_q$ on at most $2^n(1 - 1/q + o(1))$ points.

Moreover, by the immunity argument, we can prove the following result, which improves the size bound by Kopparty [6] from 2" to 2" , where $\epsilon > 0$ is arbitrarily small, and where the constant $1/(2d)$ on the double exponent seems to be the best we can get by the direct Razborov-Smolensky approach.

Theorem 7.5. For every $AC^0[\oplus]$ circuit $C : \{0,1\}^n \to \{0,1\}$ of depth $d$ and size $s$ < 2" , where $\epsilon > 0$ is arbitrarily small, we have

$$\Pr_x[C(x) = A_q(x)] \le 1 - \frac{1}{q} + o_n(1), \qquad (9)$$

where $o_n(1)$ goes to $0$ as $n$ goes to infinity after $q$ and $\epsilon$ are fixed.

Proof. Applying Razborov's Theorem 7.1 with $\ell = n^{1/((2+0.5\epsilon)d)}$, there exists a polynomial $g$ of degree $\le \ell^d = n^{1/(2+0.5\epsilon)}$ such that

Pr[C(x) ^ 9{x)] < ,,,!.,,,, = o„(l). 

X ^ 



Meanwhile, by Theorem 7.3 and Theorem 7.4,

$$\Pr_x[A_q(x) \ne g(x)] \ge \frac{2h_m(S) - |S|}{2^n} \ge \frac{2h_{(n - \ell^d - 1)/2}(S) - |S|}{2^n} \ge \frac{2h_{n/2 - o(\sqrt{n})}(S) - |S|}{2^n} \ge \frac{1}{q} - o_n(1).$$

By the triangle inequality,

$$\Pr_x[A_q(x) \ne C(x)] \ge \Pr_x[A_q(x) \ne g(x)] - \Pr_x[C(x) \ne g(x)] \ge \frac{1}{q} - o_n(1),$$

which proves the theorem. □

In fact, what Kopparty proved in [6] is for the $q$th residue function $A_q : F_{2^n} \to \{0, 1, \ldots, q - 1\}$ instead of the $q$th residue character function. We can easily modify the above argument for the $q$th residue function as follows, where the right hand side of (9) will become $1/q + o(1)$. Given $\epsilon > 0$, suppose for contradiction that there exists a circuit $C$ of depth $d$ and size 2" that agrees with $A_q$ on a $> 1/q'$ fraction, where $1/q' > 1/q$. Again, taking $\ell = n^{1/((2+0.5\epsilon)d)}$ in Theorem 7.1, there exist polynomials $g_0, \ldots, g_{q-1}$ of degree $\le \ell^d = n^{1/(2+0.5\epsilon)} = o(\sqrt{n})$ which agree with $P_0, \ldots, P_{q-1}$ on a $1 - o(1)$ fraction respectively, which implies



^Pr[g,(a;) = lp.(a;)]>l/q'-o(l), 






where $P_i = \{x \in F_{2^n} : A_q(x) = i\}$. Denote by $S = \{x : g_i(x) = 1 \text{ for some } i,\ x \in P_i\}$, where $|S| \ge (1/q' - o(1))2^n$. By the Hilbert function and immunity argument, all polynomials of degree $\le d$, where $\binom{n}{\le d} > 2^n(1/q + o(1))$, can represent any function restricted to $P_i$. Given the existence of $g_0, g_1, \ldots, g_{q-1}$, polynomials of degree $d + \max_i \deg(g_i)$ are sufficient to represent any function on $S$. The contradiction comes from a double counting: the number of such polynomials is upper bounded by $2^{\binom{n}{\le d + \max_i \deg(g_i)}} = 2^{2^n(1/q + o(1))}$, while the number of Boolean functions on $S$ is $2^{|S|} \ge 2^{2^n(1/q' - o(1))}$, where $1/q'$ is strictly greater than $1/q$.

8 Conclusion and Open Problems 

In this paper, we prove tight lower bounds on the smallest degree of a nonzero polynomial in the ideal generated by $MOD_q$ or $\neg MOD_q$ in the polynomial ring $F_p[x_1, \ldots, x_n]/(x_1^2 = x_1, \ldots, x_n^2 = x_n)$, where $p, q$ are coprime. For $MOD_q$, our lower bound $n/2$ can be achieved when $n$ is a multiple of $2q$; for $\neg MOD_q$, our lower bound $\lfloor (n + q - 1)/q \rfloor$ is exact for every $n$ and $q$, independent of the prime $p$. The previous best result [ „, I,-, J is by Green [5], which uses different techniques.

For the immunity of $\neg MOD_q$, our lower bound is exact; for the immunity of $MOD_q$, our lower bound $n/2$ is tight for those $n$ which are multiples of $2q$; for other cases, there is a gap of size at most $q$ (experiments show the gap is at most 1). It would be nice if this small gap could be closed.
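The experiment mentioned above can be rerun for small $n$ by brute force. The following Python sketch is an added example, not the authors' code: it computes the Hilbert function $h_m(S)$ of Section 7 as a matrix rank over $F_p$ and reads off the immunity as the least $m$ with $h_m(S) < \binom{n}{\le m}$. It assumes $MOD_q(x) = 1$ exactly when $x_1 + \cdots + x_n \equiv 0 \pmod q$, as the point counts in Section 7 indicate; all function names are hypothetical.

```python
from itertools import combinations
from math import comb

def hilbert(S, n, m, p):
    """h_m(S): rank over F_p of all monomials of degree <= m evaluated on S."""
    monos = [c for k in range(m + 1) for c in combinations(range(n), k)]
    rows = [[int(all(x[i] for i in mono)) for x in S] for mono in monos]
    rank = 0
    for col in range(len(S)):                  # Gaussian elimination mod p
        piv = next((r for r in range(rank, len(rows)) if rows[r][col]), None)
        if piv is None:
            continue
        rows[rank], rows[piv] = rows[piv], rows[rank]
        inv = pow(rows[rank][col], -1, p)      # p is assumed prime
        rows[rank] = [v * inv % p for v in rows[rank]]
        for r in range(len(rows)):
            if r != rank and rows[r][col]:
                c = rows[r][col]
                rows[r] = [(a - c * b) % p for a, b in zip(rows[r], rows[rank])]
        rank += 1
    return rank

def immunity(S, n, p):
    """Least m with h_m(S) < binom(n, <=m): some nonzero f of degree <= m
    vanishes on S. Returns None when S is the whole cube."""
    for m in range(n + 1):
        if hilbert(S, n, m, p) < sum(comb(n, i) for i in range(m + 1)):
            return m
    return None

def experiment(p, q, max_n):
    """Map n -> (immunity of MOD_q, immunity of not-MOD_q) over F_p.
    Assumption: MOD_q(x) = 1 iff x_1 + ... + x_n = 0 (mod q)."""
    out = {}
    for n in range(1, max_n + 1):
        cube = [tuple((v >> i) & 1 for i in range(n)) for v in range(2 ** n)]
        zeros_mod = [x for x in cube if sum(x) % q != 0]  # zero set of MOD_q
        zeros_neg = [x for x in cube if sum(x) % q == 0]  # zero set of not-MOD_q
        out[n] = (immunity(zeros_mod, n, p), immunity(zeros_neg, n, p))
    return out

if __name__ == "__main__":
    # Columns: n, immunity of MOD_3, floor((n+1)/2), immunity of not-MOD_3, floor((n+2)/3)
    for n, (imm_mod, imm_neg) in experiment(p=2, q=3, max_n=6).items():
        print(n, imm_mod, (n + 1) // 2, imm_neg, (n + 3 - 1) // 3)
```

For $p = 2$, $q = 3$ and $n \le 6$, the computed immunity of $MOD_3$ exceeds $\lfloor (n+1)/2 \rfloor$ by at most 1 and meets it at $n = 6 = 2q$.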

Question 2. What is the exact immunity of $\chi_q$ over the field $F_p$?

In Section 3, after proving the lower bound on the immunity of $\chi_q$, we also constructed functions in $(\chi_q)$ matching or nearly matching the lower bound. It is natural to ask the following question.

Question 3. Characterize all the nonzero functions in $(\chi_q)$ or $(\neg\chi_q)$ with the minimum possible degree.

In Section 7, we observe that if a Boolean function $f$ has immunity $\ge n/2 - o(\sqrt{n})$ and $|1_f| = \Omega(2^n)$, then $f$ is uncorrelated with low degree polynomials in the ring $R = F_p[x_1, \ldots, x_n]/(x_1^2 = x_1, \ldots, x_n^2 = x_n)$, which implies an exponential $AC^0[p]$ circuit lower bound. We feel that some complexity measure of a Boolean function might be closely related to some nice algebraic properties of the ideal $(f)$, like immunity or Gröbner basis. For a random Boolean function, such properties are difficult to compute. However, for some natural functions we are interested in, like Clique, Mod and Permanent, such algebraic properties might be exceptional and possible to compute. It is likely that there are more connections between nice properties of the ideal $(f)$ in $R$ and some circuit complexity measures. In a recent paper [7], Kopparty and Srinivasan proved that an $\Omega(n)$ lower bound of two-sided immunity over $F_2$ implies a superlinear $AC^0[\oplus]$ circuit

lower bound, and 

n n 

2 (logn)"(i) 
lower bound of two-sided immunity implies a superpolynomial $AC^0[\oplus]$ circuit lower bound. Therefore, we have the following general open question.

Question 4. Are there more connections between the circuit complexity of a Boolean function $f$ and some algebraic properties of the ideal $(f)$ in the ring $F_p[x_1, \ldots, x_n]/(x_1^2 = x_1, \ldots, x_n^2 = x_n)$?